Big picture: Yahoo may be breathing a sigh of relief for two reasons. First, compare this ICO fine to the $35 million fine Yahoo got from the Securities and Exchange Commission. Second, this breach was investigated under the UK 1988 Data Protection Act — not under the new General Data Protection Regulation (GDPR), which became enforceable just last month and which threatens penalties that tower over this ICO fine.

Catch up fast: The 2014 breach led to the theft of at least 500 million records, including names, email addresses, phone numbers, dates of birth, hashed passwords, and some security questions and answers. Yahoo said state-sponsored hackers were behind the attack.